chore(deps): [ai] Update dependency Pillow to v12.2.0 [SECURITY]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
Pillow (changelog)	==12.1.1 → ==12.2.0

GitHub Vulnerability Alerts

CVE-2026-40192

Impact

Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation).

Patches

The amount of data read is now limited to the necessary amount.
Fixed in Pillow 12.2.0 (PR #​9521).

Workarounds

Avoid Pillow >= 10.3.0, < 12.2.0
Only open specific image formats, excluding FITS.

Severity

• CVSS Score: 8.7 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

---

FITS GZIP decompression bomb in Pillow

BIT-pillow-2026-40192 / CVE-2026-40192 / GHSA-whj4-6x5x-4v2j

More information

Details

Impact

Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation).

Patches

The amount of data read is now limited to the necessary amount.
Fixed in Pillow 12.2.0 (PR #​9521).

Workarounds

Avoid Pillow >= 10.3.0, < 12.2.0
Only open specific image formats, excluding FITS.

Severity

• CVSS Score: 8.7 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

• https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j
• https://nvd.nist.gov/vuln/detail/CVE-2026-40192
• https://github.com/python-pillow/Pillow/pull/9521
• https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628
• https://github.com/python-pillow/Pillow
• https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

python-pillow/Pillow (Pillow)

v12.2.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

• Update 12.2.0 release notes #​9522 [@​hugovk]
• Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #​9482 [@​bitplane]
• Update Python versions #​9515 [@​radarhere]
• Jeffrey A. Clark -> Jeffrey 'Alex' Clark #​9513 [@​aclark4life]
• Add release notes for #​9394, #​9419 and #​9456 #​9467 [@​radarhere]
• Add Amiga Workbench .info loader to 3rd party plugins list #​9459 [@​bitplane]
• Merge PFM documentation into PPM #​9434 [@​radarhere]
• Update macOS tested Pillow versions #​9431 [@​radarhere]
• Fix CVE number #​9430 [@​hugovk]

Dependencies

• Update xz to 5.8.3 #​9523 [@​radarhere]
• Update libjpeg-turbo to 3.1.4.1 #​9507 [@​radarhere]
• Update libpng to 1.6.56 #​9499 [@​radarhere]
• Update freetype to 2.14.3 #​9485 [@​radarhere]
• Updated libavif to 1.4.1 #​9479 [@​radarhere]
• Updated harfbuzz to 13.2.1 #​9461 [@​radarhere]
• Update Ghostscript to 10.7.0 #​9469 [@​radarhere]
• Update harfbuzz to 13.0.1 #​9453 [@​radarhere]
• Update libavif to 1.4.0 #​9460 [@​radarhere]
• Update freetype to 2.14.2 #​9449 [@​radarhere]
• Update actions/download-artifact action to v8 #​9451 [@​renovate[bot]]
• Updated libpng to 1.6.55 #​9425 [@​radarhere]

Testing

• Cleanup .spider extension in the same test where it is added #​9517 [@​radarhere]
• Run tests in parallel via tox for 3.5x speedup #​9516 [@​hugovk]
• Enable colour in CI logs #​9486 [@​hugovk]
• Update Ghostscript to 10.7.0 #​9469 [@​radarhere]
• Simplify TGA test code #​9477 [@​radarhere]
• Update tests to check for ValueError when encoding an empty image #​9464 [@​radarhere]
• Upgrade CI from macos-15-intel to macos-26-intel #​9454 [@​hugovk]
• Add check-case-conflict hook #​9446 [@​radarhere]
• Specify platform when pulling docker image #​9440 [@​radarhere]
• GHA: Cache libavif and webp builds for Ubuntu #​9437 [@​hugovk]
• Update macOS tested Pillow versions #​9431 [@​radarhere]

Other changes

• Check calloc return value #​9527 [@​radarhere]
• Check all allocs in the Arrow tree #​9488 [@​wiredfool]
• Reject non-numeric elements inside list coords #​9526 [@​hugovk]
• Move variable declaration inside define #​9525 [@​radarhere]
• Resize tall images vertically first #​9524 [@​radarhere]
• Avoid overflow by not adding extents together #​9520 [@​hugovk]
• Use long for glyph position #​9518 [@​hugovk]
• Raise an error if the trailer chain loops back on itself #​9519 [@​hugovk]
• Only read as much data from gzip-decompressed data as necessary #​9521 [@​hugovk]
• Allow None extents in C setimage() #​9504 [@​radarhere]
• Use critical sections to protect FontObject #​9498 [@​colesbury]
• Add ImageText.Text.wrap() to wrap text #​9286 [@​radarhere]
• Always call StubHandler open() when opening StubImageFile #​9412 [@​radarhere]
• Improved BCn overflow check #​9043 [@​radarhere]
• Image will never be None #​9512 [@​radarhere]
• Raise EOFError when seeking too far in PSD #​9388 [@​radarhere]
• Raise error if ImageGrab subprocess gives non-zero returncode #​9321 [@​radarhere]
• Allow for different palette entry sizes when correcting BMP pixel data offset #​9472 [@​radarhere]
• Ignore unspecified extra samples for TIFF separate planar configuration #​9514 [@​radarhere]
• Add PERF to lint and fix findings #​9510 [@​hugovk]
• Switch iOS back to macos-15-intel #​9509 [@​radarhere]
• Catch struct.error #​9505 [@​radarhere]
• Check PyCapsule_GetPointer and PyBytes_FromStringAndSize return values #​9508 [@​radarhere]
• Fix missing null dereference checks #​9489 [@​wiredfool]
• CI: Retry failed downloads #​9506 [@​hugovk]
• Use PyModule_AddObjectRef #​9503 [@​radarhere]
• Release reference to encoder on error #​9500 [@​radarhere]
• Fixed AVIF and WEBP dealloc #​9501 [@​radarhere]
• Check PyType_Ready return values #​9502 [@​radarhere]
• Check if PyObject_CallMethod result is NULL #​9494 [@​radarhere]
• Do not use palette from grayscale or bilevel colorspace when reading JPEG2000 images #​9468 [@​radarhere]
• If TGA v2 extension area specifies no alpha, fill alpha channel #​9478 [@​radarhere]
• Set image pixels individually on 32-bit Windows #​9492 [@​radarhere]
• Add error messages before returning NULL when encoding #​9493 [@​radarhere]
• Fix _getxy refcount leaks #​9487 [@​hugovk]
• Fix invalid test font #​9483 [@​radarhere]
• Add Exif tag "FrameRate" #​9470 [@​zhiyuanouyang]
• Support reading JPEG2000 images with CMYK palettes #​9456 [@​radarhere]
• Simplify setimage() by always passing extents #​9395 [@​radarhere]
• If bitmap buffer is empty, do not render anything #​8324 [@​radarhere]
• Change to ValueError when encoding an empty image #​9394 [@​radarhere]
• Add FontFile.to_imagefont() #​9419 [@​fjhenigman]
• [pre-commit.ci] pre-commit autoupdate #​9450 [@​pre-commit-ci[bot]]
• Use walrus operator #​9448 [@​radarhere]
• Only close file handle in ImagePalette.save() if it was opened internally #​9444 [@​bysiber]
• Fix self.decode typo #​9445 [@​bysiber]
• Fix BMP RLE delta escape reading from wrong file position #​9443 [@​bysiber]
• Correct error check when encoding AVIF images #​9442 [@​radarhere]
• Fix unexpected error when saving zero dimension images #​9391 [@​radarhere]
• Use uppercase format ID for PALM #​9435 [@​radarhere]

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.